Amendments to the Claims 

1 Claim 1 (currently amended): A computer-implemented method of achieving context-sensitive 

2 confidentiality among security domains within a federated environment that spans a plurality of 

3 security domains , the method comprising steps of : 

4 determining a route to be taken by a content request message to be transmitted from a 

5 content requester in the federated environment to a content provider in the federated 

6 environment , [[where]] wherein: 

7 the route comprises a network transmission path which begins at the content 

8 requester and ends at the content provider and passes through a plurality of intermediary 

9 nodes, each of the intermediary nodes located between the content requester and the content 

10 provider on the network transmission path; 

11 the route is determined by consulting stored policy that specifies, for the 

12 content receiver sending the content request message to the content provider, the network 

13 transmission path; and 

1 4 the route spans a plurality of the security domains; 

15 storing the determined route at a network-accessible location; 

1 6 determining, prior to transmitting the content request message from the content 

17 requester, a plurality of portions of the content request message that are security-sensitive, 

18 further comprising using a context to consult stored policy that identifies the security-sensitive 

1 9 portions which are applicable to that context, wherein the context comprises an identification 
2 0 of the content requester, an identification of the content provider, and a message type 
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21 identifying the content request message; 

2 2 determining , prior to transmitting the content request message from the content 

2 3 requester, rights of each of the intermediary nodes to be encountered on the determined route 

2 4 to access each of the determined security-sensitive portions of the content request message,! 

2 5 further comprising consulting stored policy for each of the intermediary nodes, wherein the 

2 6 stored policy specifies whether this intermediary node is entitled to access this security- 

2 7 sensitive portion of the content request message ; 

2 8 specifying, in unencrypted form in the content request message, the message type; an 

2 9 identifier of the network-accessible location where the determined route is stored; and a 

3 0 plurality of message receiver elements, wherein a separate one of the message receiver 

31 elements is specified for each of the intermediary nodes that is entitled to access each of the 

32 security-sensitive portions, the separate one specifying an identification of that intermediary 

33 node as a permitted receiver of that security-sensitive portion and a node-specific keyword 

34 corresponding to that intermediary node; 

3 5 selectively protecting the security-sensitive portions of the content request message, 

3 6 according to the determined access rights by encrypting, for each of the security-sensitive 

37 portions of the content request message, that security-sensitive portion separately for each 

38 distinct one of the intermediary nodes which is entitled to access that security-sensitive portion 

3 9 and storing that separately-encrypted security-sensitive portion in the content request message 

4 0 in association with the node-specific keyword corresponding to that distinct one of the 

41 intermediary nodes, thereby enabling each of the intermediary nodes to locate and access each 
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42 of the security-sensitive portions which it is entitled to access and preventing that intermediary 

4 3 node from accessing any of the security-sensitive portions which it is not entitled to access ; and 
4 4 transmitting the content request message with its selectively-protected portions from 

4 5 the content requester to the content provider on the determined route , wherein: 
4 6 the transmitted content request message contains information identifying an 

4 7 authentication authority from a first of the security domains and an identification of a party for 

4 8 which the content request message requests access to services and indicates that the identified 

4 9 authentication authority has already authenticated the party using security credentials of the 

5 0 party in the first security domain; 

51 the intermediary nodes and the content provider, upon receiving the content 

52 request message in other ones of the security domains, can bypass authentication of the party 

53 for access to services of that other security domain, upon verifying authenticity of the 

54 authentication authority, establishing that the authentication authority vouches for the received 

55 content request message, and using the identification of the party to locate previously-stored 
5 6 security credentials for the party which are usable within that other security domain; and 

57 the security credentials for the party in at least one of the other security 

5 8 domains are different from the security credentials of the party in the first security domain . 

Claim 2 (canceled) 

1 Claim 3 (currently amended): The method according to Claim 1, wherein the selectively 
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2 protecting [[step]] further comprises the step of computing a digital signature over at least one 

3 of the security-sensitive portion portions of the content request message. 

Claims 4-5 (canceled) 

1 Claim 6 (currently amended): The method according to Claim 1, further comprising the step 

2 of determining a role of at least one of the intermediary nodes to be encountered , and wherein 

3 the step of determining the access rights further comprises the step of using the determined 

4 role when consulting the stored polic y for each determined role , wherein the stored policy 

5 specifics whether nodes in that role arc entitled to access this security-sensitive portion of the 

6 content request message, acc e ss rights for that role. 

Claim 7 (canceled) 

1 Claim 8 (currently amended): The method according to Claim [[7]] 1, wherein the encrypting 

2 step uses a public key associated with each of the intermediary nodes for which the encrypting 

3 step-operates. 

Claims 9-11 (canceled) 

1 Claim 12 (currently amended): The method according to Claim 1, further comprising the steps 
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2 of: 

3 receiving the transmitted content request message at a selected one of the intermediary 

4 nodes on the determined route; 

5 using the identifier of the network-accessible location where the determined route is 

6 stored, by the selected one, to locate a next hop for forwarding the content request message 

7 from the selected one on the determined route; 

8 locating, by the selected one, each of the separate ones of the message receiver 

9 elements that specifies the identification of the selected one and retrieving therefrom the 

10 specified node-specific keyword; and 

1 1 securely accessing only those ones of the selectively-protected portions of the received 

12 content request message to which the selected [[node]] one has access rights by using each of 

13 the retrieved node-specific keywords to locate and access only those ones of the sccurity- 

14 sensitive portions which the selected one is entitled to access . 

Claim 13 (canceled) 

1 Claim 14 (currently amended): The method according to Claim [[13]] 1, wherein the 

2 authentication authority is determined to vouch for the received content request message if a 

3 digital signature computed by the authentication authority and transmitted with the content 

4 request message is determined, by the intermediary node or the content provider, upon 

5 receiving the content request message in the one of the other security domains, to be valid. 
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1 Claim 15 (currently amended): The method according to Claim [[13]] 1, wherein the 

2 transmitted content request message contains security credentials of the party, where those 

3 security credentials have been authenticated by the identified authentication authority and are 

4 protected such that only authorized ones of the intermediary nodes and the content provider, 

5 upon receiving the content request message in other ones of the security domain can access 

6 the protected security credentials. 

Claims 16-21 (canceled) 
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